IPsec tunnel UP but unable to ping remote site

mtafur.mfsac · May 15, 2014, 8:56 PM

Questions:

Is your tunnel up? (verify in the IPSec Status / Logs).
HAve you created the rule for IPSEC (source any / desto: any)?

I had to créate two additional rules in the LAN tab, with source: local subnet / desto: remote subnet and vice versa.

That way I had it working.

lieutdan13 · May 16, 2014, 8:27 PM

Questions:

Is your tunnel up? (verify in the IPSec Status / Logs).
HAve you created the rule for IPSEC (source any / desto: any)?

I had to créate two additional rules in the LAN tab, with source: local subnet / desto: remote subnet and vice versa.

That way I had it working.

I created the rules as stated and the VPN worked for about 5 minutes. After many wasted hours of troubleshooting, I finally removed the IPSec configuration for the tunnel on both sides and started from scratch, setting them up side-by-side. The tunnels have now been working for a few hours without any issues whatsoever. I will give it the weekend before I am confident.

Sharaz · May 21, 2014, 3:26 AM

im sorry (and desperate) to report I have identical issue.

I have 4 vpn tunnels to 4 remote pfsense firewalls. 4 tunnels show up and green, only 3 tunnels transmit data.

ive rebooted all pfsense systems, and all the 3 tunnels work correctly, but the 4th tunnel shows up but no data. I am really hoping to find the solution to this issue! has anyone made any progress lately?

Sharaz · May 21, 2014, 6:19 PM

well, i rebuilt one problem pfsense this morning. rebuilt its 3 ipsec tunnels… 2 came up, and the broken one stayed broken (even tho it shows as green in the status).

ill rebuild the other endpoint tonight and report back.

Overlord · Jan 4, 2017, 8:45 AM

Hey guys

Sorry for grub out the old thread - but there's no other thread open and here's no solution ;)

I have excactly the same issue: 2 IPsec VPNs and I can't ping the remote network - but from the remote network I can ping to my network.

Maybe somebody has an solution?

chhinfo · Mar 14, 2017, 4:53 AM

Overlord >>
you try to search in Status > System Logs > Firewall > Normal View
Maybe that will help you.

Wagabow · Mar 16, 2017, 8:30 AM

@chhinfo:

Overlord >>
you try to search in Status > System Logs > Firewall > Normal View
Maybe that will help you.

I have the same trouble :/ ! What have I could find ? But my configuration is a little bit different, may be it's the reason of that.

[Local site pfSense]–|
[Local computer]–----|--[Local Internet Access Router]–|@@@@@@@@@@|--[Remote Internet Access Router]–[Remote pfSense]–[Router]–[Remote Network]

My Local pfSense have only one network interface and I have a route between Remote pfSense and Remote Network.
But from Remote Network, I can ping Local computer but from Local computer that doesn't work.

What could I find in Status > System Logs > Firewall > Normal View ?

Thank you in advance,
Regards,
W.

Wagabow · May 31, 2017, 1:24 PM

Nobody have a solution ?

I didn't find yet how I could resolv my problem…

Wagab

Brianwiz1 · Jul 24, 2017, 9:07 AM

@hongkonger:

Hi,

I have almost similar issue,

i can RDP to the remote hosts, but cant ping or tracert,

normally this wouldnt bug me much but i have a number of PCs that are unable to connect to the Domain controller on the remote network.

IPsec rules on both pfboxes are pass on any to any.

any thoughts?

thanks

EDIT, my bad I wasn't paying attention to rule in IPsec, its tcp/udp, for ICMP u need a specific rule on both side.

Hi I had a similar issue so i created a rule on the LAN interface that allows any protocol on the specific network on both source and destination.

drdoolittle · Jul 27, 2017, 12:33 PM

I'm having a similar problem, but: I can ping the remote PFSense box and access it via web configurator, but all other hosts on the same subnet are not pingable or otherwise reachable. BUT the remote site can ping/reach everything on my local site.

I also don't see anything being blocked on the firewall. I suppose my problem and possibly also the others mentioned here are some kind of routing problem?

I'm running on pfsense 2.3.4 (remote site) and a Cisco Meraki MX400 (local).

drdoolittle · Aug 4, 2017, 10:19 AM

Hasn't anybody got an idea what the problem could be? :-\

drdoolittle · Aug 8, 2017, 5:07 PM

I finally found a solution!

On the remote PFsense router I went to VPN -> IPSec -> Advanced Settings and disabled "Enable bypass for LAN interface IP" (scroll all the way down) and I finally can connect to the remote host! Check if your windows firewall on that host is on, as it likely will recognize the incoming traffic as non-private traffic and thus might filter it (to test it, shut down the firewall for public networks).